Jan 03 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that serves as your lightcyber in the ongoing fight against the dark (web) side ???????????? Sorry, binge watched the prequels over Xmas ????
Today’s hottest cybersecurity news stories:
???? Peanuts! Google settles Incognito snooping suit for $5B ????
???? War of Legions’ ‘Ateam’ exposed 1m+ via Google Drive ????
???????? Ransomware: INC RANSOM gang breaches Xerox Corp ????️
Google has agreed to settle a class-action lawsuit, filed in June 2020, accusing the tech giant of misleading users who believed their internet activity was private in "incognito" or "private" mode. The lawsuit sought a hefty $5 billion in damages, and although the settlement terms remain undisclosed, it marks a significant resolution.
Wiretap Laws & Tracking Claims ????????
Plaintiffs claimed Google violated federal wiretap laws, using Google Analytics to surreptitiously track users' activity in private mode. This alleged tracking created an "unaccountable trove of information" about users who assumed their online privacy was protected.
Google's Defense & Judge's Ruling ????️⚖️
Google defended its position, highlighting the disclaimer displayed when activating Chrome's Incognito Mode, arguing user consent. However, U.S. District Judge Yvonne Gonzalez Rogers ruled that Google failed to explicitly inform users, undermining their claim of user consent.
Incognito Mode: The Cold Hard facts ????️♀️????
Using incognito or private mode prevents local browser activity storage but doesn't shield users from external tracking by websites. Advertising technologies and analytics APIs can still track users, emphasising the need for enhanced transparency in data collection practices.
???? TL; DR?
No judgement here lol but please be aware that while Incognito Mode may offer some privacy, external entities can still track your online activity. Stay informed for more tech and privacy updates! ????????
Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.
Japanese mobile game and content creator, Ateam, recently revealed a crucial Google Drive configuration mistake that potentially exposed sensitive information for nearly one million people over six years. The misconfiguration, set to "Anyone on the internet with the link can view" since March 2017, impacted users, employees, and business partners.
???? Exposed Data & Affected Individuals ????????
Ateam confirmed 935,779 individuals had their data exposed, with 98.9% being customers. The compromised information included full names, email addresses, phone numbers, customer management numbers, and device IDs. While no evidence of theft by threat actors is found, Ateam advises vigilance against unsolicited communications.
???? Secure Your Cloud Services! ????????
The incident highlights the importance of properly securing cloud services. A misconfigured Google Drive, even with limited access, can be a risk if mistakenly exposed. Companies are urged to safeguard their cloud infrastructure to prevent inadvertent data exposure.
???? Global Cloud Security Insights ????????
Cloud misconfigurations are not uncommon, posing potential threats. Ateam's incident echoes previous cases, emphasising the need for proactive security measures. Researchers and agencies like CISA stress the importance of securing cloud services to prevent data leaks and unauthorised access.
???? Remain Vigilant & Stay Informed! ????️????
As technology advances, staying vigilant is crucial. Be aware of data exposure risks and follow recommended security practices to ensure a safer online environment. Ateam's experience serves as a timely reminder for companies to prioritise and enhance cloud security.
???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)
???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)
???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)
The INC RANSOM ransomware group has declared hacking into Xerox Corp, the renowned multinational providing global document management solutions. Xerox's diverse offerings include desktop printers, copiers, digital presses, and production systems for enterprises.
???? A Brief History of INC RANSOM! ????????
INC RANSOM, a group active since 2023, has claimed responsibility for breaching over 40 organisations. Xerox Corp is the latest victim, and the ransomware group threatens to expose allegedly stolen data. The company's Tor leak site now lists Xerox among its victims.
???? Stolen Data & Proof of Hack ????????
The ransomware group has posted images of eight documents, including emails and an invoice, as evidence of the hack. The extent of the data breach remains unclear at this point.
????️ Protecting Against Ransomware Threats ????️????
As ransomware incidents continue to rise, it's crucial for organisations to bolster their cybersecurity measures. Stay informed about the latest threats, and implement robust security protocols to safeguard sensitive data.
???? Global Impact ????????
INC RANSOM's widespread activities emphasise the pervasive nature of cyber threats. Organisations worldwide must remain vigilant and proactive to counter evolving cyber risks.
???? Stay Informed, Stay Secure! ????????️
In this era of escalating cyber threats, staying informed is key. Keep an eye on security updates, adhere to best practices, and fortify your digital defences to navigate the evolving landscape of cybersecurity.
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!
